Secret Service: Prevention, not arrests, is key to cybersecurity

In its efforts to combat cybercrime, the Secret Service is learning from law enforcement mistakes made in the war on drugs.

'Enforcement controlled the agenda, and prevention was a small part of it,' said Special Agent John Frazzini, who is helping to organize a nationwide electronic crimes task force.

That approach did not work very well against drugs and will not work against hackers, Frazzini said during a panel discussion on cyberterrorism at the Sector5 cybersecurity conference in Washington.

'We're not going to arrest our way to security,' he said. 'The concept of the task force is analogous to the neighborhood watch program,' in which members of a community look out for each other to prevent crime. So the Secret Service is moving from a posture of secrecy toward one of public engagement.

The national task force was mandated by the U.S. Patriot Act and is based on the New York Electronic Crimes Task Force, a multiagency effort in which the Secret Service is a leading participant. A similar task force has been set up in Washington.

The consensus of the panel of government, industry and academic experts was that cooperation and information exchange, both within and between organizations, is key to protecting networks and systems. Technology cannot keep up with the task of finding and fixing new vulnerabilities in hardware and software.

'Security is getting worse faster than it can ever be fixed,' said Jeff Moss, a self-described hacker and now chief executive officer of Black Hat Inc. of Seattle, which organizes cybersecurity training sessions and conferences. 'Now we have to figure out how to live with it.'

But the future is not necessarily bleak, Moss said. 'It's been this way for 10 years, and we're still here.'